Post on 07-Jul-2020
October 2015
Cybersecurity Credentials Collaborative (C3)
cybersecuritycc.org
Collaboration Members
Certification Matters
• The Cybersecurity Credentials Collaborative (C3) was formed in 2011 to
provide awareness of and advocacy for vendor-neutral credentials in
information security, privacy, and related IT disciplines. The C3 provides the
cybersecurity industry with a collaborative forum to address matters of
shared concern.
• This presentation provides some basic data and evidence gathered from C3
member organizations regarding why certification matters in our industry.
• There is a documented and increasing need for cybersecurity professionals
with demonstrable skills. Certifications provide a common baseline for
hiring managers, job seekers and technical practitioners.
• The C3 has furthered the professionalization of our industry via the Unified
Framework of Professional Ethics for Security Professionals.
Certification preparation leads to confidence
Well-trained IT professionals are more confident that the
skills they possess are appropriate and useful for their
responsibilities.
Validation reliably attests to the level of knowledge
Certified employees can be relied on to perform at a higher
level and have more domain knowledge than untrained
employees.
Execution is the performance of important business activities
Certified employees can be expected to perform assigned
tasks more consistently, increasing reliability and overall
organizational execution.
Source: CompTIA 2nd Annual IT Career Insights
Why Certification Matters
Retention and Competence
Why Certification Matters
It is a Priority of Hiring Managers and IT Executives
• IT certification is a priority to 86% of hiring managers
• 81% of hiring managers expect IT certification to grow in
importance
• 62% of IT and business executives agree IT certified staff have
proven expertise
• 54% of IT and business executives agree their organization is
more secure from malware & hackers due to staff with IT
certifications
• 73% of IT and business executives agree it's important to test
after training to confirm knowledge gains
Source: CompTIA International Technology Adoption & Workforce Trends
Market Overview:
Cybersecurity Jobs posts are growing and harder to fill
Source: Burning Glass Technologies 2014 ©
Market Overview:
Talent shortage is documented and widening
The table below shows all numbers in thousands, so the projected shortage of skilled
cyber security professionals will exceed the half million mark in 2016.
Shortfall will exceed one million cyber security professionals in just a few years.
Certification programs help address this gap
Source: (ISC)2 2015 Global Information Security Workforce Survey
Market Overview:
Future Need: Skilled cybersecurity professionals
[Chart: size of the security professional workforce by year, 2014 to 2019; vertical axis 0 to 7,000,000; lines: Projection of Need, Security Professional Perception of Need, Actual]
• Top Line: “Projection of Need” is the
assessment of how large the
workforce should be
• Middle Line: “Security Professional
Perception of Need” is the size of the
workforce based on the perceived
need of security professionals
• Bottom Line: “Actual” is the current
projection for the worldwide security
professional workforce. “Actual” is
reflected in the previous slide’s table.
As non-dedicated and under-qualified personnel are being asked to perform more critical security
tasks, the result may actually exacerbate the need for additional qualified security professionals.
Certification programs help address this skills need
Source: (ISC)2 2015 Global Information Security Workforce Survey
Why Certification Matters
What experience level has the most demand for new hires?
The vast majority of security professionals anticipate the greatest need for future
resources to be in individual contributor / entry level positions.
• C-level Executive: 2%
• Executive management: 2%
• Director/Middle manager: 6%
• Manager: 12%
• Individual Contributor/Entry Level: 78%
Future Employment Gaps
Certification programs impact entry level skills gaps
Source: (ISC)2 2015 Global Information Security Workforce Survey
Information Security Certifications impart a sense of confidence in
the competency and quality of work performed
[Chart: Reasons For Requiring Security Certifications Among Staff]
Why Certification Matters
Information Security Certifications are required for critical positions
Source: (ISC)2 2015 Global Information Security Workforce Survey
Important Skills Desired From Candidates
• Information Security or related degree: 46%
• Knowledge of relevant regulatory policies: 65%
• Information Security certifications: 70%
• Relevant Information Security experience: 94%
Why Certification Matters
Certifications are important when making critical hiring decisions
When making hiring decisions for information security staff
how important is each of the following?
Certifications are a great tool for hiring managers
Source: (ISC)2 2015 Global Information Security Workforce Survey
What are the biggest contributing factors to your career success so far?
Select all that apply.
Source: SANS 2014 Salary Survey and Cyber Security Professionals Trends
Why Certification Matters
Certifications are a major contributing factor to career success
Certification programs contribute to career success
• Military training/experience: 11
• Master's or higher in technology: 16
• Bachelor-level degree in related field: 23
• Specialization: 27
• Development or operational background: 30
• Networking (peers and peer groups): 37
• Continued education: 45
• Security certifications: 58
Why Certification Matters
Industry Professionalization: Establishing common ethical bonds
• All established and reputable industries have common codes of ethics which
are agreed upon by professional industry associations
• To help further professionalize the cybersecurity industry, the Cybersecurity
Credentials Collaborative (C3) has established a Unified Framework of
Professional Ethics for Security Professionals
• The Unified Framework of Professional Ethics has been adopted by each C3
member organization and in turn endorsed by the ISSA
• Each C3 member organization has resulting individual codes of ethics which
apply to individual certification holders, whereas the Unified Framework
binds all of these individual codes and is applicable to the industry at large
• More complete information at: www.cybersecuritycc.org
Cybersecurity Credentials Collaborative (C3)
Unified Framework of Professional Ethics for Security Professionals
Integrity
• Perform duties honorably, justly and responsibly, in accordance with existing laws, exercising the
highest moral principles
• Act in the best interests of stakeholders
• Refrain from activities that would constitute a conflict of interest
• Report ethical violations to the appropriate governing body in a timely manner
Objectivity
• Perform all duties in a fair manner and without prejudice
• Exercise professional judgment in order to provide unbiased analysis and advice
• When an opinion is provided, note it as opinion rather than fact
Confidentiality
• Respect and safeguard confidential information and exercise due care to prevent improper disclosure
• Maintain appropriate confidentiality of proprietary and otherwise confidential information
encountered in the course of professional activities, unless such action would conceal or result in the
commission of a criminal act
Professional Competence
• Perform services diligently and with professionalism
• Render only those services for which you are fully competent and qualified
• Recognize and acknowledge the contributions of others
• Refrain from professional misconduct which would damage the reputation of the profession
• Participate in professional development activities to maintain the skills necessary to function effectively